Train Series Release Notes


New Features

  • The following new parameters have been added to support arbitrary configurations for openvsiwtch_agent.ini and sriov_agent.ini

    • neutron::config::ovs_agent_config

    • neutron::config::sriov_agent_config

  • The new neutron::keystone::authtoken::interface parameter has been added, which can be used to set the interface parameter in authtoken middleware.

  • Support for the logging serivce plugin parameters has been added to the following classes.

    • neutron::agent::l3

    • neutron::agent::ml2::ovs

    • neutron::plugins::ml2::ovn

  • It is now possible to set the report interval for the networking-baremetal ml2 agent by using new parameter report_interval in the neutron::agents::ml2::networking_baremetal class.

  • The neutron::agents::ovn_metadata class now supports the following two new parameters.

    • ovsdb_probe_interval parameter to configure [ovn]ovsdb_probe_interval in ovn metadata agent config file.

    • ovsdb_retry_max_interval parameter to configure [ovn]ovsdb_retry_max_interval in ovn metadata agent config file.

  • The neutron::plugins::ml2::ovn class now supports the following two new parameters.

    • ovsdb_retry_max_interval

    • ovsdb_probe_interval

  • Now the neutron::agents::ml2::ovs class and the neutron::agents::ml2::sriov class supports the resource_provider_default_hypervisor parameter to set the corresponding parameter in ovs-agent and sriov-agent.

Bug Fixes

  • Bug #1987460: Previously the neutron::agents::ml2::mlnx class causes duplicate resources when used with the neutron::agents::dhcp class or the neutron::agents::l3 class. Now it is possible to workaround the error by implementing the following mitigation.

    • Include the neutron::agents::ml2::mlnx class AFTER the neutron::agents::dhcp class or the neutron::agents::l3

    • Set the interface_driver parameter and the dhcp_broadcast_reply parameter consistently.


New Features

  • Add ‘dnsmasq_enable_addr6_list’ option support to dhcp agent settings. (See bug: #1861032)

  • The following two new classes have been added, to set up parameters in ovs_driver and sriov_driver section.

    • neutron::plugins::ml2::ovs_driver

    • neutron::plugins::ml2::sriov_driver

  • Add a new configuration option called “ovn_emit_need_to_frag” to the “ovn” section of etc/neutron/plugins/ml2_conf.ini. This new option tells ovn whether it should emit “need to frag” packets in case of MTU mismatch. Before enabling this configuration make sure that its supported by the host kernel (version >= 5.2) or by checking the output of the following command: ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep “Check pkt length action”. Defaults to False.

  • Add new configuration parameter explicitly_egress_direct for ML2 OVS agent When set to True, the accepted egress unicast traffic will not use action NORMAL. The accepted egress packets will be taken care of in the final egress tables direct output flows for unicast traffic so that operators can set customized integration bridge name in l3 agent configuration. This can be enabled on some nodes to prevent flooding on integration bridge.

  • Add support for resource provider bandwidth.

  • The following two parameters have been added to define mapping of bridge name and hyper visor name to locate the parent of the resource provider tree.

    • neutron::agents::ml2::ovs::resource_provider_hypervisors

    • neutorn::agents::ml2::sriov::resource_provider_hypervisors


New Features

  • Added new parameters of_connect_timeout and of_request_timeout in the neutron::agents::ml2::ovs class.

  • Added new parameter neutron::agents::ml2::ovs::of_inactivity_probe.

  • Added new parameter neutron::agents::ml2::ovs::ovsdb_timeout.

Upgrade Notes

  • Switched the default value of the metadata_workers configuration option for the OVN metadata agents to 2 (from $::os_workers). While the OVS metadata agents runs on the controllers/gateway nodes (and defaults to $::os_workers) the OVN metadata agents are distributed and runs on the compute nodes instead so, there’s no point in running dozen of them on each compute. Also, by reducing the number of workers we also reduce the burden on the OVSDB that the OVN metadata agent connects to making OVN more scalable.


Upgrade Notes

  • The deprecated parameter neutron::manage_logging is removed.


New Features

  • Add support for Neutron MLNX agent.

  • This patch introduce parameters which support SSL to connect to OVN_Northbound DB and OVN_Southbound DB. This can be set by: * ‘ovn_nb_private_key’: The PEM file with private key for SSL connection to OVN-NB-DB * ‘ovn_nb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_nb_private_key * ‘ovn_nb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers * ‘ovn_sb_private_key’: The PEM file with private key for SSL connection to OVN-SB-DBt, * ‘ovn_sb_certificate’: The PEM file with certificate that certifies the private key specified in ovn_sb_private_key’ * ‘ovn_sb_ca_cert’: The PEM file with CA certificate that OVN should use to verify certificates presented to it by SSL peers

  • Allow users to run the RabbitMQ heartbeat over a native python thread in the oslo.messaging RabbitMQ driver, by using the rabbit_heartbeat_in_pthread option in configuration.

Upgrade Notes

  • The deprecated pki related options check_revocations_for_cached and hash_algorithms option has been removed.


New Features

  • Add support for configuring security group permitted_ethertypes on the Neutron OVS agent.

  • New hieradata, neutron::keystone::authtoken::service_token_roles, is introduced so that specific role can be assigned to the service user who can use service token feature.

  • Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size.

Upgrade Notes

  • The Neutron LBaaS plugin has been removed upstream and is no longer available in the Train release. The following deprecated resources has been removed:

    • neutron::agents::lbaas

    • neutron::config::lbaas_agent_config

    • neutron::server::ensure_lbaas_package

    • neutron::services::lbaas

    • neutron::services::lbaas::haproxy

    • neutron::services::lbaas::octavia

    • neutron_lbaas_agent_config

    • neutron_lbaas_service_config

    Please see the following link for more information on this deprecation:

    You should use the Octavia project to implement LBaaS.


New Features

  • Add openstackclient installation to the client class.

  • Added the ability to configure rpc_response_max_timeout.

Upgrade Notes

  • The default value for neutron::plugins::cisco::keystone_auth_url is changed from to

  • The default value for neutron::plugins::plumgrid::connection is changed from to

  • The default value for neutron::plugins::midonet::keystone_tenant and neutron::plugins::ml2::bigswitch::restproxy::auth_tenant has been changed from ‘service’ to ‘services’.

Deprecation Notes

  • database_idle_timeout is deprecated and will be removed in a future release. Please use database_connection_recycle_time instead.

Bug Fixes

  • As of Queens the neutron-vpn-agent package for Ubuntu is no longer provided and has been replaced with the package python-neutron-vpnaas.

  • On Debian there is no package named openswan and the package that should be installed for VPNaaS is strongswan.